There is a serious bug in the current SuiteCRM SAML authentication implementation that allows an unauthenticated attacker to log in to any existing user account without supplying a password. The details have been reported to the vendor.
The quick fix below has been tested with SuiteCRM-7.8.18 LTS but may also work with newer SuiteCRM versions.
| Name | Size | MD5 |
|---|---|---|
| SuiteCRM-7.8.18-SAML-auth.patch | 895 B | 43f851518ce8147efcfdd128d06ab5ab |
To apply the patch on a Linux system, first check that the downloaded file matches the MD5 in the table above, then run the following command as root from the SuiteCRM root directory (the leading `#` is the shell prompt, not part of the command; `-p0` means the paths inside the patch are relative to that directory):
# patch -p0 <SuiteCRM-7.8.18-SAML-auth.patch
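The steps above (download, checksum, apply) as one small POSIX shell script. This is an added example, not code from the original page or from the SuiteCRM project: the expected MD5 and the patch file name come from the table above, while the patch location and the SuiteCRM root path in the usage line are assumptions. It adds what the one-liner leaves out: it refuses to apply a file whose checksum does not match, and it runs `patch --dry-run` (GNU patch) before modifying the tree.

```bash
#!/bin/sh
# Added example, not part of the original page or of SuiteCRM.
# Verify the downloaded patch against its published MD5, dry-run it, then apply it.

# md5_of FILE -> prints the lowercase hex MD5 of FILE
# (md5sum on Linux, falls back to "md5 -q" on BSD/macOS)
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        md5 -q "$1"
    fi
}

# verify_md5 FILE EXPECTED -> exit status 0 iff FILE's MD5 equals EXPECTED
# (the comparison is case-insensitive; a missing file simply fails)
verify_md5() {
    actual=$(md5_of "$1" 2>/dev/null)
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# apply_patch PATCHFILE ROOT -> checksum gate, dry run, then "patch -p0" inside ROOT
apply_patch() {
    patchfile=$1
    root=$2
    expected_md5=43f851518ce8147efcfdd128d06ab5ab   # value from the download table

    # Make the patch path absolute so the redirect still resolves after cd.
    case $patchfile in
        /*) ;;
        *)  patchfile=$PWD/$patchfile ;;
    esac

    if ! verify_md5 "$patchfile" "$expected_md5"; then
        echo "checksum mismatch: refusing to apply $patchfile" >&2
        return 1
    fi

    # -p0: paths in the patch are relative to the SuiteCRM root, hence the cd.
    # --dry-run (GNU patch) reports whether every hunk applies without writing anything.
    ( cd "$root" && patch -p0 --dry-run < "$patchfile" ) || {
        echo "dry run failed: patch does not apply cleanly to $root" >&2
        return 1
    }
    ( cd "$root" && patch -p0 < "$patchfile" )
}

# Usage (both paths are assumptions, adjust to your installation):
# apply_patch /tmp/SuiteCRM-7.8.18-SAML-auth.patch /var/www/html/suitecrm
```

If the dry run fails on a newer SuiteCRM release, do not force the patch through; inspect the rejected hunks and port the change by hand instead.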